ISACA - Insurance Institute of India

ISACA TRUST IN, AND VALUE FROM, INFORMATION SYSTEMS ISACA.ORG ©2015 ISACA. All rights reserved.

Transcript of ISACA - Insurance Institute of India


Formed in 1969 as an audit organisation, but has grown to cover all aspects of IT governance, security, risk, audit and cybersecurity

ISACA FACTS

• Founded in 1969 as the EDP Auditors Association

• More than 115,000 members in over 180 countries

• More than 200 chapters worldwide

Business Framework for Governance and Management of Enterprise Information Technology

SECURING SENSITIVE PERSONAL DATA OR INFORMATION UNDER INDIA’S IT ACT USING COBIT 5

Chapter 1. What Is Personal Information?

Chapter 2. Indian Sensitive Personal Data or Information (SPDI) Protection Regulations

Chapter 3. How COBIT 5 Can Be Used to Secure SPDI

Chapter 4. Meeting Stakeholders’ Needs for Securing SPDI

Chapter 5. COBIT 5 Enablers for Securing SPDI

You can download it from www.isaca.org/topic-india

Objective of the publication

Securing SPDI is now mandated by India’s IT (Amendment) Act, 2008. This publication helps provide an approach to achieve this objective using the COBIT 5 framework.


On January 29, 2015, Anthem, Inc. (Anthem) learned of a cyberattack to our IT system. The cyberattackers tried to get private information about current and former Anthem members. We believe it happened over the course of several weeks beginning in early December 2014.

What did the cyberattackers access?

Accessed information may have included:

• Names

• Dates of birth

• Social Security numbers

• Health care ID numbers

• Home addresses

• Email addresses

• Work information like income data

Anthem doesn't believe these kinds of information were targeted or accessed:

• Credit card or banking information

• Medical information like claims, test results or diagnostic codes

Hackers have stolen information on tens of millions of Anthem Inc. customers, in a massive data breach that ranks among the largest in corporate history


LESSON TO LEARN

• The question to ask yourself is: When will this happen to me? (and not: Will this happen to me?) Am I ready?

• Prepare yourself well

• Answer all the questions given in the checklist

• Make sure you have all the (correct) answers


You may use COBIT 5 for Information Security to integrate the information security practices within a comprehensive business framework to govern and manage enterprise IT


Thank you!

Avinash W. Kadam